Security Best Practice: Blocking Skype
| Check Point Reference: | SBP-2007-07 | |
| Date Published: | ||
| Severity: | ||
| Source: | SmartDefense Research Center | |
| Protection Provided by: |
VPN-1
|
|
| Who is Vulnerable? Skype | ||
| Vulnerability Description Instant Messaging applications allow communication and collaboration between Internet users using various modes of communication, including instant messages exchange, voice and video, application sharing, white board, file transfer and remote assistance. Skype is a widely used program for communicating with other users over the Internet. This program is prone to multiple vulnerabilities. |
||
|
Vulnerability Details Instant Messaging applications such as Skype, are prone to multiple vulnerabilities. The impacts of these vulnerabilities could range from modifying data in a victim's friend list, to a denial of service attack, to the execution of malicious code on a victim's system. For example, passing an overly long user name and password for authorization may cause a buffer overflow that could bring down the Instant Messenger server. In addition, Instant Messaging capabilities such as file transfer are a potential source of virus and worm infections. |
Protection Overview
By enabling this protection, SmartDefense will detect and block Skype version 3.2.0.175 and prior.
Users are protected against this vulnerability if the Instant Messaging protection for blocking known hazards addressed in the Protection section of CPSA-2005-07 has been applied.
To configure the defense, select your product from the list below and follow the related protection steps.
VPN-1 NGX R65 & R62
How Can I Protect My Network?
1. In the SmartDefense tab, click Application Intelligence > Instant Messengers > Skype.
2. In the configuration pane, under Settings > Mode, check Active.
Configuration options:
Block proprietary protocols on all ports prevents all communication using this peer to peer application.
Block masquerading over HTTP protocol prevents communication using a peer to peer application that operates over HTTP. You can also specify that only certain HTTP header patterns will be blocked.
3. Install policy on all modules.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: Instant Messengers
Attack Information: Skype protocol detected on connection
VPN-1 NGX R61, R60 & VPN-1 NG with Application Intelligence R55W
How Can I Protect My Network?
1. In the SmartDefense tree, click Application Intelligence > Instant Messengers.
2. Select the following:
Skype
Configuration options:
Block proprietary protocols on all ports prevents all communication using this peer to peer application.
Block masquerading over HTTP protocol prevents communication using a peer to peer application that operates over HTTP. You can also specify that only certain HTTP header patterns will be blocked.
3. Install policy on all modules.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: Instant Messengers
Attack Information: Skype protocol detected on connection
InterSpect NGX
How Can I Protect My Network?
1. In the left pane, select Profiles > Default Protection and select the SmartDefense page of the profile.
2. In the SmartDefense tree, click Application Intelligence > Instant Messengers.
3. Select the following protection:
Skype
Configuration options:
Block proprietary protocols on all ports prevents all communication using this peer to peer application.
Block masquerading over HTTP protocol prevents communication using a peer to peer application that operates over HTTP. You can also specify that only certain HTTP header patterns will be blocked.
4. Install security policy on all modules.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: Instant Messengers
Attack Information: Skype protocol detected on connection
InterSpect 2.0
How Can I Protect My Network?
1. In the SmartDefense tree, click Application Intelligence > Peer to Peer.
2. Select the following protection:
Skype
Configuration options:
Block proprietary protocols on all ports prevents all communication using this peer to peer application.
3. Install security policy on all modules.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: Instant Messengers
Attack Information: Skype protocol detected on connection